Apparatus, system, and method for applying firewall rules on packets in kernel space on network devices
Granted: October 6, 2020
Patent Number: 10798062
A disclosed method for applying firewall rules on packets in kernel space on network devices may include (1) intercepting, via a socket-intercept layer in kernel space on a routing engine of a network device, a packet that is destined for a remote device and then, in response to intercepting the packet in kernel space on the routing engine, (2) identifying an egress interface index that specifies an egress interface that (A) is external to kernel space and (B) is capable of forwarding…
Systems and methods for debugging network stacks based on evidence collected from selective tracing
Granted: October 6, 2020
Patent Number: 10797983
A disclosed method may include (1) determining that a packet traversing a network device has been selected for conditional tracing by (A) comparing a characteristic of the packet against a firewall rule that calls for all packets exhibiting the characteristic to be conditionally debugged while traversing the network device and (B) determining, based at least in part on the comparison, that the firewall rule applies to the packet due at least in part to the packet exhibiting the…
Apparatus, system, and method for dissipating heat emitted by individual communication modules via ganged heat exchangers
Granted: September 29, 2020
Patent Number: 10788637
The disclosed apparatus may include (1) a plurality of individual heatsink bases designed to interface with a plurality of removable communication modules installed on a telecommunications device, (2) a plurality of heat pipes that are thermally coupled to the individual heatsink bases, and (3) a ganged heat exchanger that is (A) mechanically coupled to the telecommunications device and (B) thermally coupled to the heat pipes. Various other apparatuses, systems, and methods are also…
Adaptive load-balancing over a multi-point logical interface
Granted: September 22, 2020
Patent Number: 10785157
The techniques describe adaptive load-balancing based on traffic feedback from packet processors. In one example, a source virtual network node of the network device may determine whether a particular destination packet processor is or may become oversubscribed. For example, source packet processors of the source virtual network node may exchange feedback messages including traffic flow rate information. The source virtual network node may compute a total traffic flow rate and compare…
Automated generation of a network service design
Granted: September 22, 2020
Patent Number: 10785109
A device may receive a set of design parameters for a network service. The set of design parameters may include information that identifies one or more network functions associated with the network service. The device may determine attribute information associated with a plurality of virtual network functions (VNFs). A VNF, of the plurality of VNFs, may be configurable to perform at least one network function of the one or more network functions. The device may generate a network service…
Photonic input/output coupler alignment
Granted: September 15, 2020
Patent Number: 10775564
Optical alignment of an optical connector to input/output couplers of a photonic integrated circuit can be achieved by first actively aligning the optical connector successively to two loopback alignment features formed in the photonic chip of the PIC, optically unconnected to the PIC, and then moving the optical connector, based on precise knowledge of the positions of the loopback alignment features relative to the input/output couplers of the PIC, to a position aligned with the…
Scalable port range management for security policies
Granted: September 15, 2020
Patent Number: 10778724
Techniques are disclosed for implementing scalable port range policies across a plurality of categories that support application workloads. In one example, a policy agent receives, from a centralized controller for a computer network, a plurality of policies. Each policy of the plurality of policies includes one or more policy rules, and each of the one or more policy rules specifies one or more tags specifying one or more dimensions for application workloads executed by the one or more…
Method and procedure for loop detection in multi-chassis link aggregation group (MCLAG) deployment within a communications system
Granted: September 15, 2020
Patent Number: 10778567
Apparatus and methods described herein relate to an apparatus including a set of ports and a processor operatively coupled to each port of the set of ports. A port from the set of ports can be associated with a port of a multi-chassis aggregate (MCAE) interface and a virtual local area network (VLAN). The processor can generate an untagged data unit and tagged data units. The processor can send the untagged data unit and the tagged data units via the port from the set of ports, and can…
Virtualization infrastructure underlay network performance measurement and monitoring
Granted: September 15, 2020
Patent Number: 10778534
A variety of different graphical user interfaces are generated that when displayed provide a visual and interactive representation of one or more performance metrics associated with the operation of a computer network. The graphical user interfaces may be used to monitor the underlay computer network for a virtualization infrastructure, as one example. Aspects include grouping the servers of a computer network into a plurality of aggregates, each aggregate comprising one or more servers.…
Verifying an operating system during a boot process using a loader
Granted: September 15, 2020
Patent Number: 10776490
An example device includes one or more memories; and one or more processors, communicatively coupled to the one or more memories, to, during a loading process of a boot process of an operating system, identify a file to be loaded for the operating system, where the operating system is being loaded during the boot process; identify a manifest of the file; verify the manifest of the file based on a supplied signature of the manifest; identify a fingerprint, associated with the file, in a…
Data center architecture utilizing optical switches
Granted: September 8, 2020
Patent Number: 10771871
Embodiments of the invention describe flexible (i.e., elastic) data center architectures capable of meeting exascale, while maintaining low latency and using reasonable sizes of electronic packet switches, through the use of optical circuit switches such as optical time, wavelength, waveband and space circuit switching technologies. This flexible architecture enables the reconfigurability of the interconnectivity of servers and storage devices within a data center to respond to the…
Deployment of a security policy based on network topology and device capability
Granted: September 8, 2020
Patent Number: 10771506
A device may include one or more processors to receive network topology information of a network and device capability information of devices in the network; detect a threat to the network; determine threat information associated with the threat; select a security policy and an enforcement device of the network to enforce the security policy based on the network topology information, the device capability information, and the threat information; and perform an action associated with the…
Route signaling driven service management
Granted: September 8, 2020
Patent Number: 10771434
A system and method for modifying services provided by one or more network devices. A processor of a first network device identifies defined events in each of a plurality of applications, including a first defined event associated with a first application. The processor assigns a signal-route to each defined event. The processor then executes the first application and, when the processor detects occurrence of the first defined event during execution of the first application, the…
Coordinating pseudowire connection characteristics and multi-homed provider edge device capabilities
Granted: September 8, 2020
Patent Number: 10771383
A device may store first information regarding a first pseudowire connection with a first device, wherein the first pseudowire connection provides access to an Ethernet virtual private network (EVPN) to communicate with a host device. The device may store second information regarding a second pseudowire connection with a second device, wherein the second pseudowire connection provides access to the EVPN to communicate with the host device. The device may receive a message that includes a…
Apparatus, system, and method for discovering network paths
Granted: September 8, 2020
Patent Number: 10771379
The disclosed computer-implemented method may include (1) receiving, at a source node, a request to discover a plurality of network paths that each lead from the source node to a destination node and (2) discovering the plurality of network paths by (A) identifying each next hop between the source node and the destination node, (B) sending, from the source node to each next hop, a path-request probe that prompts the next hop to (i) determine each next-closest hop and (ii) return, to the…
Devices for analyzing and mitigating dropped packets
Granted: September 8, 2020
Patent Number: 10771363
A control device may subscribe to receive data from a network device. The data may be associated with a plurality of packets that have been dropped by the network device and include a first descriptor based on a type of packet drop associated with a packet of the plurality of packets that have been dropped by the network device, and one or more second descriptors based on a packet flow associated with the plurality of packets that have been dropped by the network device. The control…
Reducing traffic loss during link failure in an ethernet virtual private network multihoming topology
Granted: September 8, 2020
Patent Number: 10771317
A first network device permits a bidirectional forwarding detection (BFD) session with a second network device. The first network device is a designated forwarder for a third network device, a first link is provided between the first network device and the third network device, the second network device is a backup designated forwarder for the third network device, a second link is provided between the second network device and the third network device. The first network device detects a…
Efficient storage and retrieval of time series data
Granted: September 8, 2020
Patent Number: 10769132
A device stores time series data, based on time stamps, in a compact prefix tree, and receives new time series data to be added to the compact prefix tree. The device determines whether the new time series data is different than previously stored time series data in the compact prefix tree. The device selectively stores the new time series data in the compact prefix tree by storing the new time series data in the compact prefix tree when the new time series data is different than the…
Methods and apparatus for centralized configuration management of heterogenous network devices through software-based node unification
Granted: September 1, 2020
Patent Number: 10764152
Apparatus and methods described herein relate to an apparatus including a memory and a processor operatively coupled to the memory. The processor can receive a package associated with a network management device and management input. The processor can generate at least one management device schema based on the package, and can modify a controller schema based on the management input and the at least one management device schema. The processor can receive a configuration input signal that…
Anti-spoofing techniques for overlay networks
Granted: September 1, 2020
Patent Number: 10764249
A network device is configured to receive an inbound packet from a first server device via a network tunnel, the first inbound packet including an outer header, a virtual private network (VPN) label, an inner header, and a data payload, the inner header including an inner source IP address of a source virtual machine. The processors are also configured to determine a first tunnel identifier, determine, based on the inner source IP address, a second tunnel identifier associated with a…